Lucene search

35 matches found

The Hacker News
added 2026/01/16 2:09 p.m., 8 views

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert to...

AI score 7.5, Exploits 0
Securelist
added 2025/10/17 7:00 a.m., 7 views

SEO spam and hidden links: how to protect your website and your reputation

When analyzing the content of websites in an attempt to determine what category it belongs to, we sometimes get an utterly unexpected result. It could be the official page of a metal structures manufacturer or online flower shop, or, say, a law firm website, with completely neutral content, but o...

AI score 7.8, Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-3161

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00865, Exploits 0, References 3
Vulnrichment
added 2024/06/10 3:58 p.m., 29 views

CVE-2024-37051

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5,...

CVSS 9.3, AI score 6.9, EPSS 0.03837, Exploits 1, References 2
OSV
added 2024/05/21 2:43 p.m., 15 views

GHSA-48CQ-79QQ-6F7X Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files

Impact: This CVE covers the ability of 3rd party websites to access routes and upload files to users running Gradio applications locally. For example, the malicious owners of www.dontvisitme.com could put a script on their website that uploads a large file to http://localhost:7860/upload and anyon...

CVSS 4.3, AI score 5.8, EPSS 0.00352, Exploits 1, References 6
Hacker One
added 2024/04/06 10:17 p.m., 8 views

MTN Group: Unauthorized access to PII leads to Administrator account Takeover

The vulnerability arises from insufficient restrictions placed on the list of post authors, which could be exploited by remote attackers to obtain sensitive information through wp/v2/users/15 requests. The sensitive information, including email addresses, could be obtained and used in further...

AI score 6.8, Exploits 0
Hacker One
added 2024/01/24 1:17 p.m., 65 views

Publitas: CORS Misconfiguration on █████

A cross-origin resource sharing misconfiguration was found that could allow an attacker to steal sensitive user information or force unwanted actions. The misconfiguration allowed credentials and enabled CORS for external domains. A proof of concept was shown that could exploit this to exfiltrate...

AI score 6.7, Exploits 0
NVD
added 2023/10/12 5:15 p.m., 21 views

CVE-2023-45143

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...

CVSS 3.9, AI score 5.6, EPSS 0.01223, Exploits 0, References 11
SUSE CVE
added 2023/02/15 4:32 a.m., 6 views

SUSE CVE-2018-5115

If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the...

CVSS 7.5, AI score 8.3, EPSS 0.02582, Exploits 0, References 4
SUSE CVE
added 2023/02/15 3:36 a.m., 7 views

SUSE CVE-2021-43540

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...

CVSS 6.5, AI score 8.6, EPSS 0.00862, Exploits 0, References 4
Hacker One
added 2023/01/27 12:13 p.m., 19 views

Radancy: Cross-origin resource sharing: arbitrary origin trusted

Referred from CWE-942: Permissive Cross-domain Policy with Untrusted Domains. Issue detail: The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain. The application allowed access from the requested origin https://example.com...

AI score 6.8, Exploits 0
Prion
added 2022/09/16 9:15 a.m., 16 views

Server side request forgery (SSRF)

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value, performing unwanted crawls on third-party sites (SSRF)...

CVSS 4.3, AI score 4.6, EPSS 0.00552, Exploits 2, References 1, Affected Software 1
Cvelist
added 2022/09/16 8:40 a.m., 17 views

CVE-2022-2912 Craw Data <= 1.0.0 - Server Side Request Forgery

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value, performing unwanted crawls on third-party sites (SSRF)...

AI score 4.9, EPSS 0.00552, Exploits 2, References 1
Malwarebytes
added 2022/02/16 4:51 p.m., 26 views

Roblox Beamers steal items from kids

Roblox gamers are once again being warned to be on their guard against scammers plundering valuable digital items. Most multiplayer titles are all about customization. You won't find many popular games where digital items aren't up for grabs. Some games lock the items, such as outfits, weapons, o...

AI score 7.3, Exploits 0
OSV
added 2021/12/08 10:15 p.m., 5 views

CVE-2021-43540

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...

CVSS 6.5, AI score 7.4, EPSS 0.00862, Exploits 0, References 3
OSV
added 2021/12/08 12:00 a.m., 9 views

UBUNTU-CVE-2021-43540

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...

CVSS 6.5, AI score 6.8, EPSS 0.00862, Exploits 0, References 4
Schneier on Security
added 2021/10/04 10:55 p.m., 26 views

Facebook Is Down

Facebook -- along with Instagram and WhatsApp -- went down globally today. Basically, someone deleted their BGP records, which made their DNS fall apart. ...at approximately 11:39 a.m. ET today (15:39 UTC), someone at Facebook caused an update to be made to the company's Border Gateway Protocol (BGP)...

AI score 0.5, Exploits 0
Veracode
added 2020/11/19 3:30 a.m., 51 views

Open Redirection

notebook is vulnerable to open redirection. An attacker may send a malicious link to a notebook server resulting in a redirection of users to third-party sites...

CVSS 6.1, AI score 3.8, EPSS 0.01213, Exploits 0, References 3, Affected Software 1
Kitploit
added 2019/08/28 9:51 p.m., 491 views

Sudomy - Subdomain Enumeration & Analysis

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in a fast and comprehensive way. Features: For recent time, Sudomy has these 9 features: Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions...

AI score 7.1, Exploits 0, References 15
The Hacker News
added 2019/04/03 2:39 p.m., 56 views

WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites

If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites. WordPress has recently patched a severe vulnerability in its iO...

AI score 0.5, Exploits 0